[Openvpn-devel,v2] dco: pass remoteaddr only for UDP peers

Message ID 20250309153017.5163-1-gert@greenie.muc.de
State Accepted

Commit Message

Gert Doering March 9, 2025, 3:30 p.m. UTC
From: Antonio Quartulli <antonio@mandelbit.com>

TCP connected sockets do not need any remote addr
because the destination is fixed.
For this reason we can avoid sending the remote addr
along the peer-new dco call.

This change is important on Linux because the new 'ovpn'
kernel module is stricter when it comes to accepting
netlink messages and will reject calls with TCP sockets
if a remote address is specified.

Change-Id: I76e2e616c6ffe436a9627fa71aaace74030b2f4a
Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/842
This mail reflects revision 2 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering <gert@greenie.muc.de>

Comments

Gert Doering March 9, 2025, 4:41 p.m. UTC | #1
Tested with and without DCO on Ubuntu 20.04.

Not tested on FreeBSD (no TCP support in DCO) or Windows (in this 
particular code path, it's a no-op call).

Your patch has been applied to the master branch.

commit 90d7881e32ec371874c020f756bd35d1959e9698
Author: Antonio Quartulli
Date:   Sun Mar 9 16:30:17 2025 +0100

     dco: pass remoteaddr only for UDP peers

     Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20250309153017.5163-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg31078.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c
index 02fae81..973c848 100644
--- a/src/openvpn/dco.c
+++ b/src/openvpn/dco.c
@@ -515,8 +515,9 @@ 
         c->c2.tls_multi->dco_peer_id = -1;
     }
 #endif
-    int ret = dco_new_peer(&c->c1.tuntap->dco, multi->peer_id,
-                           c->c2.link_sockets[0]->sd, NULL, remoteaddr, NULL, NULL);
+    int ret = dco_new_peer(&c->c1.tuntap->dco, multi->peer_id, sock->sd, NULL,
+                           proto_is_dgram(sock->info.proto) ? remoteaddr : NULL,
+                           NULL, NULL);
     if (ret < 0)
     {
         return ret;
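Review bot: `sock` in the new dco_new_peer() call is not declared anywhere in this hunk, while the removed lines took the descriptor from c->c2.link_sockets[0]->sd. Please confirm that sock is assigned earlier in the function and refers to that same link socket, so the fd handed to the kernel is unchanged. The `proto_is_dgram(sock->info.proto) ? remoteaddr : NULL` argument would also benefit from a one-line comment above the call stating that connected TCP sockets have a fixed destination and that the Linux 'ovpn' module rejects a remote address for them. That reasoning currently lives only in the commit message.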